CVE-2020-7729

HIGH

grunt <1.3.0 - RCE

Title source: llm

Description

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

References (6)

[Exploit, Third Party Advisory] https://snyk.io/vuln/SNYK-JS-GRUNT-597546

[Third Party Advisory] https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922

[Broken Link] https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249

[Patch, Third Party Advisory] https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html

[Third Party Advisory] https://usn.ubuntu.com/4595-1/

Scores

CVSS v3 7.1

EPSS 0.0242

EPSS Percentile 85.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1188

Status published

Products (4)

canonical/ubuntu_linux 18.04

debian/debian_linux 9.0

gruntjs/grunt < 1.3.0

npm/grunt 0 - 1.3.0npm

Published Sep 03, 2020

Tracked Since Feb 18, 2026